hxxps://www[.]mediafire[.]com/file/v7l2uzucofruckx/DupeMod9[.]2[.]jar/file

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2023, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/v7l2uzucofruckx/DupeMod9.2.jar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343789193647855"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
812	chrome.exe
812	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe
Token: SeShutdownPrivilege	812	chrome.exe
Token: SeCreatePagefilePrivilege	812	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe
812	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 1384	812	chrome.exe	84
PID 812 wrote to memory of 1384	812	chrome.exe	84
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 4812	812	chrome.exe	87
PID 812 wrote to memory of 1044	812	chrome.exe	88
PID 812 wrote to memory of 1044	812	chrome.exe	88
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89
PID 812 wrote to memory of 396	812	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/v7l2uzucofruckx/DupeMod9.2.jar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacdb19758,0x7ffacdb19768,0x7ffacdb19778
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:2
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4964 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5016 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5352 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5564 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5572 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6180 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6312 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6316 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6176 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6964 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7000 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6972 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4424 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6524 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7096 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6176 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7360 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7532 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7680 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1892 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6132 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6452 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6316 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7528 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7016 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7004 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8004 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8012 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8448 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6588 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6680 --field-trial-handle=1940,i,10196781475098635323,4842091492153018979,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
56dada77afb3593a33a954b48a9c574c

SHA1
a3b7841d7a8e2ff5eeeab6781bf80bd61a9e9ba1

SHA256
eef083f11d3202518aa669680395406bc4881a03e87782eaeacedf31f761ed58

SHA512
9c6c99411bfd66639e0ef9f6ae913b4c0219918add6ba7c0478b9d94e14db67d954f0f182486178bc722c70ccc2d984557c35eab1e2d64bf8c398bf91cf256de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
565e1618bea718312a644fa6b25e26e7

SHA1
235d724c3d988ff4df0e5a856eb800c45b2df422

SHA256
af621e7be0d4d9f5d21349889577e98014ca38ef5cf3f8c16aace15f21870a82

SHA512
05b0d0a93590bfd461dea9f6af3442524a332bb0dbc14e59bb18bf525484c6d885ecf7630471aeb9ba8ad1d7c170b277fa23fd67c32d75024c0322c9b4a5ff69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
b5efc09295b302d4576f451918c88585

SHA1
19dacaa2e24339c5b15a4820fa5815217320aba1

SHA256
06dacd224cd847d28af8e44d7fa476a66242f916848aaba792da00526e04b96f

SHA512
c14520e9c3b67d0bfb9257760626d6ddba7f427701a6afbeba793ec05c916807f89de5a7d0adde4e6abfbd254482d9f8653fb7dae1da8cf7cf39bda078127f16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
80af06ad996efdb9b613cc641dd88abe

SHA1
3b45ffaab9d10e9e10b806275e6757cd8d99a61c

SHA256
c7f4d4d8c26725371b521cd0b80592ebe70efd7c61c96e8ad9ccd60f21843273

SHA512
f78ec119fe53a62256d9444b1dc49745f9859045a739aebab6b811243a69027ea9dcb6ec0327ceb80f4993a03487d24e17b7a5bdce28069ca93e25acbb2be544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5d47ce41e549d0131fd2e83cea55508c

SHA1
c7c850a37edd8d29a5e52eb8ebb32cb4c958222d

SHA256
b1d0a9fb527171ef9e2928c496a37452d7f4464435a33570545839dc7f1db133

SHA512
977d8ec2b13e81e563d7c193b385bcaf27fcf805279135da577443cee5456997e320a0da5844b5a7311edb9b8358f90e146fb330d7bf90697fd95731d569613e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
56940ef6e7fed7f9f004663bafd53dc5

SHA1
6539fcb101df5b6a1a46f007b26a0e9f1f8b2fee

SHA256
ad400e7603e58e933acc5abb469a95548be41dbe401c2bfc40068481d54c9bfe

SHA512
b1d43530951554c586e86a069c966e3448dca7168df8d5373283ad4191679b64440ff1a10c174a4c876be8cb38db114d41fe942bff0fe4a6b4b3a6fbf2273f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8cb815f268b91eb2992b7d48eac2b424

SHA1
19014a10a282446aef619ac27bd44cfa51139775

SHA256
24d9975f4533b00303a5c4981e13bbce72c033acbf78e52cb7d4e4421a52413b

SHA512
d9f3954a7b447c2c421636cf7a7578a702ca4ed70a793180e952603a02173647fdef068890ae8c1c3aa5ead2742a9d5622c9a5ecab4127f102a1aeffc24d2b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
935ea15b49fe406b6bb61ddce6d852a0

SHA1
fdf62e081f3d1a412d57cff90e3335bf8310e50c

SHA256
7af0badf806aac4cae3bed75e00a2f7bc21574b9b27d06ea4e3ac35531ea1e8b

SHA512
f00fad942880a232cb9f00b6de9f1f1467689aa14908f98c2110a6bab03383900563abb4904a0ee585801950188e8b69e65901fb27bc9d51c5277aa86273ad3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
311479ab6e66256e4b2bfb1af6b66c68

SHA1
ab69b6df3f3ef2e6d6b34a26cbc423ad34d95294

SHA256
78c5c8c46a4490db399ede178b7bdb583db77769a38a57a922496ad967f44b11

SHA512
9e68a4c186e111f64d889439104369a430e51edc3f9bff8545151e6fba1386b477fadf707cf970c45f6bdd7fa7a544094496aef8f09cae84aaca33abf4f04185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e23270ec76e01575ca75ce551e51d852

SHA1
27ff52f41a445e83162b001f2c6b65bf49da701c

SHA256
727022a7da6daa904b0b20762524d8748b8b88c32c8bd70a6b981ec9b51d244d

SHA512
ee5208790828dbb25483fdeb947a99eb982613a650432aacfd2546ded0bb568765cd33097d48003aae7a2908b6caa0669817b4b1f269b87dd2bbcc73a561a7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit